1. Purpose of this Notice

This Privacy Notice explains how Kenley Financial Ltd collects and uses your personal information when you use our services. We process your data in accordance with the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR).

We are the data controller, which means we are responsible for deciding how your personal information is used when providing financial advice and related services.

When we refer to “we”, “us” or “our”, we mean Kenley Financial Ltd.

We are committed to handling your information fairly, lawfully and transparently.
We follow core data protection principles, meaning your personal information will be:

• Used lawfully, fairly and transparently
• Collected only for clear and legitimate purposes
• Limited to what is necessary
• Accurate and kept up to date
• Retained only for as long as needed
• Kept securely

We maintain internal policies and safeguards to protect your information, and we review these regularly to ensure we meet our legal and regulatory obligations.

If you have any questions about this notice or how we use your personal data, you can contact us at:

Email: mail@kenleyfm.co.uk
Address: 12 Croydon Road, Caterham CR3 6QB

2. What information do we collect?

To provide financial advice and related services, we may collect:

• Contact information
• Identity information
• Financial information
• Employment and income information
• Records of communications and interactions with you
• Criminal conviction/offence information (where relevant for regulatory compliance)
• Opinions, feedback and service‑related information
• Details about your investment objectives, risk profile and financial circumstances
• Any other information required to provide our services

We may also receive information about you from third parties, such as product providers or other organisations you have authorised.

3. Why and how will your information be processed?

We use your personal information to:

• Provide financial advice and related services
• Assess your needs and make suitable recommendations
• Communicate with you and manage our relationship
• Meet our legal and regulatory obligations
• Maintain accurate business and financial records
• Improve the services we offer
• Provide relevant updates or service‑related communications (where permitted under data protection law)

 

3.1 Lawful bases for processing

We rely on the following lawful bases to process your personal data:

• Contractual necessity – to provide the services you request
• Legal obligations – such as anti-money laundering and regulatory requirements
• Legitimate interests – such as improving our services and maintaining business records
• Consent – used only for optional communications or optional referrals

You may withdraw consent at any time.

3.2 Marketing

We may contact you with information about our services where the law permits.
You can opt out of these communications at any time.

4. Information we hold about you

We may hold the following categories of personal information:

• Contact and identity information
• Financial and investment related details
• Bank account details (if required for transactions)
• Employment and income information
• Qualifications and experience (where relevant to advice)
• Criminal conviction/offence data (only where legally required or appropriate for regulatory compliance)
• Special category data, such as health information or other sensitive details needed to understand your circumstances, assess suitability or identify vulnerability

  

4.1 Special category data

In certain circumstances, we may need to process special category or criminal conviction data. This may include:

• Health or lifestyle information relevant to assessing vulnerability, capacity for loss or the suitability of investment advice
• Criminal conviction/offence information where required for financial crime prevention, regulatory compliance or legal obligations
• Information relating to vulnerability, capacity for loss, mental or physical health or other factors essential to ensuring appropriate investment recommendations

We only process this type of data where it is necessary, lawful and proportionate, and where required for:

• Meeting regulatory obligations
• Providing suitable financial advice
• Identifying and supporting vulnerable customers
• Preventing financial crime
• Establishing, exercising or defending legal claims

 

5. How long do we keep your data?

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected and to meet our legal and regulatory obligations. This includes requirements relating to financial services regulation, record keeping, fraud prevention and responding to queries.

 Once the applicable retention periods have expired, we securely delete your personal information unless we are required by law or regulation to retain it for a longer period.

 

6. Who do we share your data with?

We may share your personal data with:

• Product providers and investment platforms
• Insurers (where relevant)
• Professional advisers, such as compliance consultants or auditors
• IT and outsourced service providers that support our operations
• Regulatory bodies, such as the Financial Conduct Authority (FCA) or Information Commissioner’s Office (ICO), where required
• Any third party where you have instructed us or provided consent

 We do not sell your personal information.

Where data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place to protect your data.

 

7. Your rights

Under UK GDPR, you have the following rights:

• To be informed
• To access your personal information
• To correct inaccurate information
• To request erasure
• To restrict processing
• To request data portability
• Rights relating to automated decision making‑ and profiling

You can contact us at any time to exercise these rights.

8. How we protect your data

We use appropriate technical and organisational measures to protect your personal data. These include:

• Data encryption and secure storage
• Access controls and authentication
• Regular security monitoring and testing
• Staff training on data protection
• Supplier due diligence and oversight

These measures help protect your data from unauthorised access, loss or misuse.

9. Updates to this notice

We may update this Privacy Notice periodically. Any significant changes will be communicated to you directly or made available on our website.

10. Complaints

If you have concerns about how your data has been handled, please contact us using the details in section 1.

If you remain dissatisfied, you can raise a complaint with the Information Commissioner’s Office (ICO):

Website: https://ico.org.uk/global/contact-us/

Address:
Information Commissioner’s Office
Wycliffe House